UNC Cluster Targeting South Asian Countries
Aug. 27, 2025, 7:44 p.m.
Description
A South Asian APT group has been consistently targeting Sri Lanka, Bangladesh, Pakistan, and Turkey. The operation involves phishing campaigns that use military-themed lures to compromise the phones of military personnel. The attackers employ various tactics, including PDF phishing documents, fake login pages for government and military organizations, and malicious Android apps. The Android malware, based on Rafel RAT, steals information and provides remote access. Victims are primarily from South Asian countries, with stolen data including SMS messages, contact lists, and documents. The operation also uses Windows malware that shares the same command and control infrastructure.
Tags
Date
- Created: Aug. 27, 2025, 4:22 p.m.
- Published: Aug. 27, 2025, 4:22 p.m.
- Modified: Aug. 27, 2025, 7:44 p.m.
Additional Information
- Defense
- Government
- British Indian Ocean Territory
- Sri Lanka
- Bangladesh
- India
- Pakistan